Commit Graph
151 Commits
Author SHA1 Message Date
Tam Nhu Tran 4458774d5c fix(ci): align stable release runner 2026-04-28 23:30:33 -04:00
Tam Nhu Tran 0381fa9b52 fix(ci): align release sync with protected dev checks 2026-04-28 23:14:25 -04:00
Kai (Tam Nhu) TranandGitHub 8d4a7761b1 fix(ci): guard generated dev release commits 2026-04-28 22:33:14 -04:00
Kai (Tam Nhu) TranandGitHub fea7f18687 fix(ci): keep dev release commits visible to PR checks 2026-04-28 22:18:45 -04:00
Tam Nhu Tran 9a28ca55d8 fix(cliproxy): tolerate plain AI provider model rules 2026-04-28 14:19:21 -04:00
Tam Nhu Tran aa4a05e859 ci: preserve fast test budget summary on failure 2026-04-23 19:52:12 -04:00
Tam Nhu Tran 4c677507d0 ci: add fast test budget warning 2026-04-23 17:25:48 -04:00
Tam Nhu Tran ddfbcb63f4 docs(contrib): align local gate shortcuts 2026-04-22 15:12:24 -04:00
Tam Nhu Tran b314cf353e fix(ci): keep release workflows on full test coverage 2026-04-22 15:12:07 -04:00
Tam Nhu Tran c9eaae17c1 docs(contrib): clarify CI lanes and parity gates 2026-04-22 15:07:12 -04:00
Tam Nhu Tran 051f78aee7 chore(ci): split dev quality checks from release automation 2026-04-22 15:05:44 -04:00
Tam Nhu Tran e2ca197397 fix: preserve codex effort suffixes in dashboard profiles 2026-04-22 14:24:00 -04:00
Tam Nhu Tran 08edf1eef4 fix(ci): isolate bun cache per job 2026-04-21 12:34:43 -04:00
Tam Nhu Tran 06fffd3025 fix(ci): use PAT token for dev release pushes
- align dev-release workflow with protected-branch bypass used by release.yml

- add a workflow regression test so checkout and release auth do not drift back to github.token
2026-04-20 14:56:25 -04:00
Tam Nhu Tran 1b3ca82a84 fix(ci): stop caching node_modules in GitHub Actions
- cache only Bun's package cache so CI stops restoring partial hard-linked node_modules trees

- bump the cache key to avoid reusing corrupt node_modules archives on self-hosted runners
2026-04-20 13:23:42 -04:00
Tam Nhu Tran 69da284104 test(proxy): gate proxy e2e coverage in checks 2026-04-20 12:44:53 -04:00
Wooseong Kim 02747edb72 fix(ci): validate cached ui dependencies 2026-04-20 14:15:00 +09:00
Tam Nhu Tran ad54e179b6 ci: add concurrency group and split build/test with artifact sharing
- Add concurrency group keyed on github.ref with cancel-in-progress to stop superseded runs on rapid pushes
- Split validate matrix into: validate (typecheck/lint/format), build, test
- Build uploads dist/ artifact; test downloads instead of rebuilding (removes inline build:all duplication)
- Net: faster feedback, less runner time, DRY build step
2026-04-19 15:40:21 -04:00
Tam Nhu Tran b014b5cb51 chore(ci): parallelize CI matrix + cache, tighten AI-facing quality gate
- ci.yml: 5-job matrix (typecheck/lint/format/build/test), fail-fast off,
  actions/cache on ~/.bun/install/cache + node_modules + ui/node_modules.
  Target wall time ~60-90s vs prior ~3-4min.
- .husky/pre-push: add bun run build:all to feature-branch fast gate so
  UI tsc -b errors are caught pre-push (~18s warm).
- CLAUDE.md (symlinked as AGENTS.md): fix validate drift (maintainability
  is NOT part of validate), add CI-First Protocol mandating gh pr checks
  --watch after every push, replace pre-commit checklist with two-tier
  model (iterative push vs pre-merge).

Branch protection on main/dev must be updated post-merge to require the
new matrix status checks instead of the single legacy "validate" check.
2026-04-19 14:47:18 -04:00
Tam Nhu Tran 4bd16b89ce fix(ci): restore PR-Agent reviewer bot identity 2026-04-14 17:22:50 -04:00
Tam Nhu Tran 9a91901a9b fix(ci): allow PR-Agent dispatch bot reruns 2026-04-14 14:19:28 -04:00
Tam Nhu Tran 0d2ce7d1b3 fix(ci): restore trusted PR review dispatch 2026-04-14 13:47:55 -04:00
Tam Nhu Tran d6ec5eeebd fix(ci): preserve AI review variable contract 2026-04-14 13:28:29 -04:00
Tam Nhu Tran e1271e2dbf fix(ci): restrict self-hosted PR-Agent comment triggers 2026-04-14 12:43:25 -04:00
Tam Nhu Tran 25216eaf33 feat(ci): migrate AI review to self-hosted PR-Agent 2026-04-14 12:39:52 -04:00
Tam Nhu Tran 026ff6cedd refactor(ci): make ai-review model/endpoint configurable via repository variables
- replace hardcoded GLM endpoint with vars.AI_REVIEW_BASE_URL
- replace hardcoded model with vars.AI_REVIEW_MODEL
- use secrets.AI_REVIEW_API_KEY for auth token
- add configuration reference in header comment
2026-04-13 11:27:15 -04:00
Tam Nhu Tran f954f0f8ab hotfix: update ai-review workflow model budget
- switch the reviewer workflow from glm-5-turbo to glm-5.1

- increase workflow timeout to 20 minutes and max turns to 45

- lock the workflow test to the full reviewer model configuration

Closes #922
2026-04-07 16:43:30 -04:00
Tam Nhu Tran 58a0fc43e6 hotfix(ci): restore default ai review output 2026-04-02 14:36:12 -04:00
Tam Nhu Tran 0be4ef7a0d hotfix(ci): expand ai review comment layout 2026-04-02 03:14:49 -04:00
Tam Nhu Tran 25dddf4707 hotfix(ci): compact ai review comments and switch to glm-5-turbo 2026-04-02 01:07:03 -04:00
Tam Nhu Tran f6779a503a hotfix(ci): preserve literal snippet indentation in ai review comments 2026-04-02 00:48:14 -04:00
Tam Nhu Tran 07b4275543 hotfix(ci): render fenced evidence snippets in ai review comments 2026-04-02 00:44:44 -04:00
Tam Nhu Tran f47e7ae5a7 hotfix(ci): clean up ai review reruns and logging 2026-04-02 00:31:51 -04:00
Tam Nhu Tran 5b9427f8a0 hotfix(ci): restore reliable structured ai review comments 2026-04-02 00:24:29 -04:00
Tam Nhu Tran 4e05488c19 hotfix(ci): keep ai review feedback fast and deterministic 2026-04-01 22:20:55 -04:00
Tam Nhu Tran 3935574494 fix(ci): degrade timed-out ai reviews gracefully 2026-04-01 20:38:14 -04:00
Tam Nhu Tran 44e2a49650 fix(ci): resolve self-hosted Claude path dynamically 2026-04-01 20:24:52 -04:00
Tam Nhu Tran 09276518a7 fix(ci): repair ai review fallback scope script 2026-04-01 20:18:28 -04:00
Tam Nhu Tran 0883b9a8fe fix(ci): use self-hosted Claude binary for ai review 2026-04-01 20:13:03 -04:00
Tam Nhu Tran 7396179c72 feat(ci): bound ai review runtime for large PRs
- add trusted scope generation for bounded ai-review runs
- restrict large PR reviews to a prepared read-only workspace
- render explicit mode, scope, and budget metadata in review comments

Closes #880
2026-04-01 19:54:11 -04:00
Tam Nhu Tran fa37f391c1 fix: harden ai review comment formatting 2026-03-30 16:08:21 -04:00
Tam Nhu Tran 4950be7fc0 fix(ci): harden ai review output
- replace raw assistant-text fallback with structured output normalization

- simplify the review prompt toward a tighter findings-only contract

- add tests for malformed output, safe fallback, and markdown escaping
2026-03-30 14:22:59 -04:00
Tam Nhu Tran bcbf8a236d fix(ai-review): increase max-turns to 40 and add hotfix commitlint type
- Bump --max-turns 30→40 for comprehensive single-reviewer prompt
- Add 'hotfix' to commitlint allowed types (already in .releaserc.cjs)
2026-03-29 13:01:55 -04:00
Tam Nhu Tran fb8b26c694 fix(ai-review): revert to single-job review with enhanced prompt
Multi-job parallel pipeline proved too fragile for CI:
- Agent tool unavailable in claude-code-action
- 6-job workflow: artifact passing failures, turn budget exhaustion
- GLM API errors cascade across jobs

Reverts to proven single-job architecture. Keeps enhanced prompt
combining security, quality, and CCS compliance scopes.
2026-03-29 13:00:09 -04:00
Tam Nhu Tran 106067fefb fix(ai-review): bump orchestrator max-turns 20→25 for large PR merges 2026-03-29 12:33:38 -04:00
Tam Nhu Tran 1c4fc96d33 fix(ai-review): increase turn budget and improve fallback extraction
- Increase per-reviewer max-turns 25→40 (security review hit limit on
  large PRs like codex runtime with ~5000 line diff)
- Increase orchestrator max-turns 15→20
- Improve fallback extraction: concatenate ALL assistant messages (not
  just last) when reviewer hits turn limit without writing output file
- Add descriptive prefix to fallback output explaining why extraction
  was needed (e.g., "hit turn limit", "no execution log")
- Ensures something meaningful is posted even when CI jobs fail
2026-03-29 12:21:28 -04:00
Tam Nhu Tran 86f45c2274 style(ai-review): add emojis to orchestrator output format sections 2026-03-28 21:09:56 -04:00
Tam Nhu Tran 97f07c2b12 refactor(ai-review): matrix strategy + orchestrator AI merge
- Replace 3 duplicate review jobs with 1 matrix job (-200 lines)
  Matrix entries: Security, Quality, CCS Compliance (run in parallel)
- Restore review-prompt.md as orchestrator merge prompt
  (dedup, severity rank, unified assessment, security+CCS tables)
- Aggregate job now runs claude-code-action with orchestrator prompt
  to produce polished unified review (not just stapled sections)
- Fallback to simple concat if orchestrator fails
- Dynamic prompt access via outputs[matrix.prompt_output] syntax
2026-03-28 21:02:57 -04:00
Tam Nhu Tran 8c371e73a3 feat(ai-review): workflow-level parallel review jobs
Replace single monolithic review job with 3 parallel GitHub Actions jobs
running simultaneously. Agent tool is unavailable in claude-code-action,
so parallelism is achieved at the workflow level instead.

Pipeline: prepare → load-prompts → 3 parallel reviews → aggregate

Jobs:
- prepare: resolve PR metadata and runner (unchanged)
- load-prompts: load focused prompts from base branch (security model)
- security-review: injection, auth, race conditions, supply chain
- quality-review: error handling, false assumptions, performance
- ccs-review: CCS-specific project compliance rules
- aggregate: merge 3 outputs into single PR comment

Each reviewer runs independently with 10min timeout, 25 max-turns.
Aggregate is pure bash (no API calls) — downloads artifacts, merges,
posts/updates single deduped comment.

Closes #843
2026-03-28 20:55:42 -04:00
Tam Nhu Tran d2510fc860 fix(ai-review): use printf for subagent prompt outputs, match existing pattern
Replace echo with printf '%s\n' for subagent prompt GITHUB_OUTPUT writes
to match the existing main prompt pattern (line 216). Prevents edge case
where echo misinterprets leading -n/-e as flags.
2026-03-28 20:24:46 -04:00